Cyber Essentials: A Pocket Guide
By Alan Calder
About this ebook
Every year, thousands of computer systems in the UK are compromised. The majority fall victim to easily preventable cyber attacks, carried out with tools which are freely available on the Internet.
Cyber Essentials is the UK Government's reaction to the proliferation of these attacks. It requires that organisations put basic security measures in place, enabling them to reliably counter the most common tactics employed by cyber criminals. From 1 October 2014, all suppliers bidding for a range of government ICT contracts – in particular contracts requiring the handling of sensitive and personal information – must be certified to the scheme.
This Pocket Guide explains how to achieve certification to Cyber Essentials in a fast, effective and cost-efficient manner. It will help you to:
- understand the requirements of the scheme
- implement the controls correctly
- realise when you are ready to seek certification
- get a grip on both the certification process and the distinction between Cyber Essentials and Cyber Essentials Plus
- find additional help and resources.
Alan Calder
Alan Calder is a leading author on IT governance and information security issues. He is the CEO of GRC International Group plc, the AIM-listed company that owns IT Governance Ltd. Alan is an acknowledged international cyber security guru. He has been involved in the development of a wide range of information security management training courses that have been accredited by the International Board for IT Governance Qualifications (IBITGQ). He is a frequent media commentator on information security and IT governance issues, and has contributed articles and expert comment to a wide range of trade, national and online news outlets.
Book preview
Cyber Essentials - Alan Calder
INTRODUCTION
The origins of the Cyber Essentials scheme
Thousands of IT systems are compromised every day – a shocking fact. But when you consider the proliferation of cyber threats in recent years, it isn’t surprising that some of them are successful. Although cyber activists and spies often get more press, most attacks are carried out by criminals and fraudsters looking for financial gain. The most common kinds of attack now require little skill or expertise to carry out, and use technology which is widely available online – according to the Verizon 2013 Data Breach Investigations Report, 78% of the attacks they monitor fall into this category.
The UK Government wants to be sure that partners and contractors have a basic level of security in place to protect the data stored in their systems against these low-tech cyber attacks. The Government became aware that certification to a cyber security standard was often beyond the capability of small and medium-sized enterprises (SMEs) and established the Cyber Essentials scheme in response. It is based on the advice given in the earlier publications 10 Steps to Cyber Security and Small Businesses: What you need to know about cyber security.
From 1 October 2014 all suppliers bidding for a range of government ICT contracts – in particular contracts requiring the handling of sensitive and personal information – must be certified to the scheme. Furthermore, suppliers will have to be reassessed at least once a year. Organisations can be certified to either Cyber Essentials or Cyber Essentials Plus (level 2 of the scheme), which demonstrates an even greater commitment to cyber security but requires an additional investment of money and organisational effort.
Why get certified?
You are probably reading this guide because UK Government contracts can be very lucrative and your company is therefore willing to deal with a lot of frustrating red tape to get one. Cyber Essentials should not be seen as a bureaucratic hold-up to business, however. The Information Assurance for Small and Medium Enterprises Consortium (IASME), the Information Security Forum (ISF) and the British Standards Institution (BSI) have all been deeply involved in the creation of the scheme, with the result that you can meet the requirements using easy-to-implement, low-cost solutions.
In today’s climate the business case for certification to a scheme like this goes beyond obtaining government contracts. For a start, take a look at the results of IT Governance’s international 2014 Boardroom Cyber Watch Survey. We asked whether respondents had received a customer query about their company’s information security credentials during the previous 12 months, and 55% of the 240 respondents said yes, a 5% increase on the previous year’s survey. It is clear that cyber security is of increasing importance to private companies as well as governments.
There is also a good chance that your organisation is already compliant with many of the controls, so becoming certified is not only valuable but often quite easy.
This is no reason for complacency, however; even large organisations may not have covered every control. To ensure that your ability to bid for a contract is not undermined, to protect from future legal consequences and to make sure that you only have to go through the auditing process once, it is crucial that you ensure you are